Salut, Maurice, On Tue, 1 Jul 2008 16:02:46 -0400, Maurice Volaski wrote: > It turns out it was intentionally presenting me with misinformation. > You see, there was no key file present where it was looking. I > thought it was looking in one place, but it was actually looking in > another. > > Fail quietly, indeed! It's not simply doing this under ordinary > operation, but even in debug operation, even under debug level 3. In > the perfect place where it can tell us quite informatively what's > about to go wrong--there is nothing! > > So in case you're wondering why debugging OpenSSH can be so hard, now > you know.
Please bear in mind that in the world of cryptography, the difference
between proper error messages and information disclosure
vulnerabilities is narrow, or only a nuance.
Tonnerre
--
SyGroup GmbH
Tonnerre Lombard
Solutions Systematiques
Tel:+41 61 333 80 33 Güterstrasse 86
Fax:+41 61 383 14 67 4053 Basel
Web:www.sygroup.ch [EMAIL PROTECTED]
signature.asc
Description: PGP signature
